Bjorn_Watland
asked on
How To Allow access to certain websites by IP Address in ISA Server 2004
I need clients to be able to access certain websites that are only specified by IP address, they do not have a corrisponding DNS name. I have created a list of IP's as a new network called Site IPs, and allowed that along with my Domain List, however, clients are still denied access to the website when an IP is specified. I would have liked to have imported them into the Domain List, however, that is not an option. Any hints on how this can be accomplished?
Windows Server 2003
ISA Server 2004
Configured as just a proxy
Windows Server 2003
ISA Server 2004
Configured as just a proxy
I'm on it.
Browntech Document Management
I use isa2006 so I will try again shortly with ISA2004
I use isa2006 so I will try again shortly with ISA2004
How many addresses are there Bjorn?
ASKER
about 80 addresses
Ah. Don't want to be typing THOSE in individually then :)
ASKER
Well, I already did that when I set up a new network with those IPs specified. I also have the list in a file, so if there's a handy VB script for importing, I could grab them from there.
Just as an aside, error 502 is Bad Gateway; not site cannot be reached.
ASKER
That is the error as I got it. I did look up this error and did run into bad gateway, and could find very little information about the host server unreachable error. i did run into this site:
http://www.mcse.ms/archive99-2005-4-1581247.html
But it does not have a solution, only duplicating the problem I have currently. Is it difficult to export all of the information for ISA 2004 and try out 2006 beta?
http://www.mcse.ms/archive99-2005-4-1581247.html
But it does not have a solution, only duplicating the problem I have currently. Is it difficult to export all of the information for ISA 2004 and try out 2006 beta?
Its not something I would do on a whim Bjorn to be honest. Lets see what we can do with this first. Let me see what I can find.
ASKER
I checked out both KB articles and I don' thave any filtering set for signatures using the HTTP filter. I did some more mucking around though. There was a site that users needed to access at http://www.waynecountylandrecords.com/. When i had the list of IP's specified as a network list, even thought I had the list set to allow communication, that site would not work, it would return the same error as above about the host not being reachable. The reason for this was that I had the IP for http://www.waynecountylandrecords.com/ in my IP list. Once I took that address out, I can browse to that site just fine. Maybe rather then a different network, the IPs need to be set up as Computers?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Setting them up as computers work. It'll just take a while to do the data entry. Thanks again!
Well done yourself. It helps sometimes just to have the conversation. Grateful for the points but I think you can chalk that one as a success to yourself !!
Regards
Keith
ISA MCT
Regards
Keith
ISA MCT
ASKER
The IT staff of One is always grateful for another person to ask the right questions.
LOL. We're always here Bjorn. Ask anytime. I have well over 100 ISA installations now so have come across most scenario's. Some of the following may be of help to you in the future.
Regards
keith
http://www.microsoft.com/isaserver/techinfo/guidance/2004/default.mspx
http://www.isaserver.org/articles/2004tunnelportrange.html
http://support.microsoft.com/default.aspx?kbid=837834&product=isas2004
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/faq-urldomainnamesets.mspx
http://support.microsoft.com/?kbid=916106
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ipsecvpn.mspx
Regards
keith
http://www.microsoft.com/isaserver/techinfo/guidance/2004/default.mspx
http://www.isaserver.org/articles/2004tunnelportrange.html
http://support.microsoft.com/default.aspx?kbid=837834&product=isas2004
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/faq-urldomainnamesets.mspx
http://support.microsoft.com/?kbid=916106
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ipsecvpn.mspx
ASKER
For anyone else wanting help creating a Computer Set from a script, rather then entering in 80 IP's by hand, check out http://www.isascripts.org/ for a bunch of helpful scripts for admins who value their wrists.
ASKER
Technical Information (for support personnel)
Error Code: 502 Proxy Error. The host server is unreachable. (10065)
IP Address: 199.232.150.242
Date: 5/10/2006 3:53:08 PM
Server: proxy.mysite.com
Source: proxy
If anyone cares to test, that IP address does have a website configured for it, however, I can not reach it using a client configured to go through the proxy server.